resolve VPC ENI for pods with IPv6 addresses

Author: kishorj

pkg/networking/pod_eni_info_resolver.go

@@ -144,6 +144,7 @@ func (r *defaultPodENIInfoResolver) resolveViaCascadedLookup(ctx context.Context
 		r.resolveViaPodENIAnnotation,
 		r.resolveViaNodeENIs,
 		r.resolveViaVPCENIs,
+		r.resolveViaVPCENIsForIPv6,
 		// TODO, add support for kubenet CNI plugin(kops) by resolve via routeTable.
 	}
 
@@ -259,25 +260,26 @@ func (r *defaultPodENIInfoResolver) resolveViaVPCENIs(ctx context.Context, pods
 	if len(podKeysByIP) == 0 {
 		return nil, nil
 	}
-
-	podIPs := sets.StringKeySet(podKeysByIP).List()
+	var podIPs []string
+	for _, podIP := range sets.StringKeySet(podKeysByIP).List() {
+		if !strings.Contains(podIP, ":") {
+			podIPs = append(podIPs, podIP)
+		}
+	}
+	if len(podIPs) == 0 {
+		return nil, nil
+	}
 	podIPChunks := algorithm.ChunkStrings(podIPs, r.describeNetworkInterfacesIPChunkSize)
 	eniByID := make(map[string]*ec2sdk.NetworkInterface)
 	for _, podIPChunk := range podIPChunks {
-		ipAddressTypeFilterKey := "addresses.private-ip-address"
-		for _, podIP := range podIPChunk {
-			if strings.Contains(podIP, ":") {
-				ipAddressTypeFilterKey = "ipv6-addresses.ipv6-address"
-			}
-		}
 		req := &ec2sdk.DescribeNetworkInterfacesInput{
 			Filters: []*ec2sdk.Filter{
 				{
 					Name:   awssdk.String("vpc-id"),
 					Values: awssdk.StringSlice([]string{r.vpcID}),
 				},
 				{
-					Name:   awssdk.String(ipAddressTypeFilterKey),
+					Name:   awssdk.String("addresses.private-ip-address"),
 					Values: awssdk.StringSlice(podIPChunk),
 				},
 			},
@@ -305,6 +307,63 @@ func (r *defaultPodENIInfoResolver) resolveViaVPCENIs(ctx context.Context, pods
 	return eniInfoByPodKey, nil
 }
 
+// resolveViaVPCENIsForIPv6 attempts to resolve pod ENI by matching IPv6 podIP against ENIs in vpc.
+// With EKS fargate pods, podIP is supported by an ENI in vpc.
+func (r *defaultPodENIInfoResolver) resolveViaVPCENIsForIPv6(ctx context.Context, pods []k8s.PodInfo) (map[types.NamespacedName]ENIInfo, error) {
+	podKeysByIP := make(map[string][]types.NamespacedName, len(pods))
+	for _, pod := range pods {
+		podKeysByIP[pod.PodIP] = append(podKeysByIP[pod.PodIP], pod.Key)
+	}
+	if len(podKeysByIP) == 0 {
+		return nil, nil
+	}
+	var podIPs []string
+	for _, podIP := range sets.StringKeySet(podKeysByIP).List() {
+		if strings.Contains(podIP, ":") {
+			podIPs = append(podIPs, podIP)
+		}
+	}
+	if len(podIPs) == 0 {
+		return nil, nil
+	}
+	podIPChunks := algorithm.ChunkStrings(podIPs, r.describeNetworkInterfacesIPChunkSize)
+	eniByID := make(map[string]*ec2sdk.NetworkInterface)
+	for _, podIPChunk := range podIPChunks {
+		req := &ec2sdk.DescribeNetworkInterfacesInput{
+			Filters: []*ec2sdk.Filter{
+				{
+					Name:   awssdk.String("vpc-id"),
+					Values: awssdk.StringSlice([]string{r.vpcID}),
+				},
+				{
+					Name:   awssdk.String("ipv6-addresses.ipv6-address"),
+					Values: awssdk.StringSlice(podIPChunk),
+				},
+			},
+		}
+		enis, err := r.ec2Client.DescribeNetworkInterfacesAsList(ctx, req)
+		if err != nil {
+			return nil, err
+		}
+		for _, eni := range enis {
+			eniID := awssdk.StringValue(eni.NetworkInterfaceId)
+			eniByID[eniID] = eni
+		}
+	}
+
+	eniInfoByPodKey := make(map[types.NamespacedName]ENIInfo)
+	for _, eni := range eniByID {
+		eniInfo := buildENIInfoViaENI(eni)
+		for _, addr := range eni.Ipv6Addresses {
+			eniIPv6 := awssdk.StringValue(addr.Ipv6Address)
+			for _, podKey := range podKeysByIP[eniIPv6] {
+				eniInfoByPodKey[podKey] = eniInfo
+			}
+		}
+	}
+	return eniInfoByPodKey, nil
+}
+
 // isPodSupportedByNodeENI checks whether pod is supported by specific nodeENI.
 func (r *defaultPodENIInfoResolver) isPodSupportedByNodeENI(pod k8s.PodInfo, nodeENI *ec2sdk.InstanceNetworkInterface) bool {
 	for _, ipv4Address := range nodeENI.PrivateIpAddresses {